Note that we are always using an association to narrow the scope; current_user.blog_posts.find(...) instead of BlogPost.find(...); and current_user.blog_posts.build(...) instead of BlogPost.new(...). Not only is it much shorter and easier to read, in this case (because you are dealing with users) it is also more secure.

The decision on whether to create a new blogpost or update an existing one is made by checking for the existence of params[:id].

Finally, there's no need to render the blog_post_new action (you had render :url => "#{blog_new_post_url()}") in case of failing validation; rendering that is the default action, so just don't do anything.

Re: create new and update in same function as new?

That's not really correct. It will only check whether an id value was passed, and then either look for the corresponding record, or create a fresh one. That doesn't take into account the possibility that some user plays with the id value, and uses an invalid id, which would lead to your app throwing a nil error. I would rather do something like this:

    def blog_post_new
      # find_by_id returns nil (instead of raising) when no record matches
      if params[:id] && @blogpost = current_user.blogposts.find_by_id(params[:id])
        # there's an id and it is valid -> update attributes
        @blogpost.attributes = params[:blogpost]
      elsif !params[:id]
        # there is no id -> build a new record.
        @blogpost = current_user.blogposts.build(params[:blogpost])
      else
        # there's an id, but it's not valid -> set error message and show the form again
        flash[:error] = "No Record found for this ID"
        render :action => "new" # or what the action with the form is called.
      end
    end

Re: create new and update in same function as new?

Is this saying that if params[:id] is valid (hence a record that already exists), assign @blogpost to current_user.blog_post.find..., else create a new blogpost if params[:id] is not a valid number?

Not exactly. It checks to see that a parameter with the name of "id" was passed and pulls up a blogpost with that ID if it was, or builds a new blogpost if it wasn't. It then assigns the result of either to @blogpost. The idea being that the edit and update actions will pass in an ID, but new and create won't.

Duplex wrote:

That's not really correct . . .

You are right, I wasn't doing exception handling for simplicity's sake. You could just do this, however:

    def blog_post_new
      @blogpost = params[:id] ? current_user.blog_posts.find(params[:id]) : current_user.blog_posts.build(params[:blogpost])
      if request.post?
        @blogpost.attributes = params[:blogpost]
        if @blogpost.save
          redirect_to :action => 'index'
        end
      end
    # AR::Base#find raises RecordNotFound when an invalid ID is passed
    rescue ActiveRecord::RecordNotFound
      # If somebody is passing in invalid IDs, give them as little info as possible to 'hack' you:
      flash[:notice] = "Something went wrong with your request. Your request has been logged and an administrator has been advised."
    end
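The scoping point made in this thread, as an added example that is not any poster's code: plain-Ruby stand-ins for ActiveRecord show that a lookup through the owner's association treats another user's ID exactly like a non-existent one, while an unscoped find hands the record over. `RecordNotFound`, `Post`, `OwnedPosts`, `unscoped_find` and the sample rows are all hypothetical and constructed for the illustration.

```ruby
# Added illustration: plain-Ruby stand-ins for ActiveRecord, all names hypothetical.
class RecordNotFound < StandardError; end

Post = Struct.new(:id, :user_id, :title)

# Constructed sample data: post 1 belongs to user 10, post 2 to user 20.
POSTS = [Post.new(1, 10, "alice draft"), Post.new(2, 20, "bob draft")]

# Stand-in for BlogPost.find: searches every row, whoever owns it.
def unscoped_find(id)
  POSTS.find { |p| p.id == id.to_i } or raise RecordNotFound
end

# Stand-in for current_user.blog_posts: every lookup and build is tied to one owner.
class OwnedPosts
  def initialize(user_id)
    @user_id = user_id
  end

  def find(id)
    POSTS.find { |p| p.id == id.to_i && p.user_id == @user_id } or raise RecordNotFound
  end

  def build(attrs)
    Post.new(nil, @user_id, attrs[:title])
  end
end

# Same decision as the thread's action: params[:id] present -> update, absent -> new.
# Returns [status, post]; an unknown id and someone else's id get the same answer.
def blog_post_new(current_user_id, params)
  posts = OwnedPosts.new(current_user_id)
  post = params[:id] ? posts.find(params[:id]) : posts.build(params[:blogpost] || {})
  post.title = params[:blogpost][:title] if params[:id] && params[:blogpost]
  [:ok, post]
rescue RecordNotFound
  [:not_found, nil]
end
```

Because the owner check lives inside the lookup, the caller cannot tell "no such post" from "not your post", which matches the advice above to give as little information as possible on invalid IDs.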